Privacy Policy
Effective Date: April 11, 2026
This English-language privacy policy is provided for the convenience of English-speaking users. In the event of any discrepancy between this version and the Hebrew version, the Hebrew version shall prevail.
1. Introduction & Data Controller
Welcome to meidahon.co.il("the Site"), a financial education platform operated by Ido Weissfrom Israel ("we", "us", the "Operator", or the "Data Controller"). We are committed to protecting your privacy and handling your personal data responsibly.
This privacy policy explains what information we collect when you use the Site, how we use it, with whom we share it, and what rights you have regarding your data. It applies to all pages and services on meidahon.co.il, including the English-language Olim Guide section.
The collection and processing of personal data on this Site is governed by the Israeli Privacy Protection Law, 5741-1981, as amended by Amendment No. 13 (effective August 14, 2025), and the Privacy Protection (Information Security) Regulations, 5777-2017. Providing personal data through the Site is entirely voluntary. There is no legal obligation to provide any information, though some features may not be available without it.
Privacy Contact Details
Data Controller: Ido Weiss
Dedicated privacy email: privacy@meidahon.co.il
General contact email: info@meidahon.co.il
Postal address: 37 Arlozorov St., Tel Aviv, Israel
2. Data We Collect
2.1 Data You Voluntarily Provide
Account registration - When you create an account, we collect your email address and password. If you sign in with Google, we receive your name, email address, and profile photo from your Google account.
Profile photos - If you upload a profile photo, it is stored in Firebase Storage.
Reading history & gamification - Your content reading history, progress levels, and gamification data are stored in Firestore to personalize your experience.
Newsletter preferences - If you subscribe to the newsletter, your preferences are stored in Firestore.
Contact form - When you submit the contact form, we collect your name, email address, and message.
Newsletter signup - When you subscribe to our newsletter, your email address is stored in Firestore and in our email delivery service (Resend).
2.2 Data Collected Automatically
When you visit the Site, we may automatically collect certain technical data, including:
IP address
Browser type and version
Device type and operating system
Screen resolution
Referring website (the page that linked you to our Site)
Session data, including duration, pages visited, and navigation patterns
User interactions such as clicks, scrolling behavior, and search queries
Language settings and approximate geolocation
reCAPTCHA behavioral data (mouse movements and interaction patterns used for spam prevention)
3. How We Use Your Data
We use the data we collect for the following purposes:
Delivering the educational content and services provided by the Site
Managing your user account, including authentication, reading history, and learning progress tracking
Improving user experience through anonymous usage analysis
Storing your preferences, such as dark/light mode and cookie consent choices
Displaying personalized advertisements through Google AdSense (only with your consent)
Protecting against spam and abuse using Google reCAPTCHA
Responding to inquiries submitted through the contact form
Sending newsletter emails to subscribers who have opted in
Protecting our legal rights and complying with applicable law
4. Third-Party Services
We use the following third-party services that may collect or process your data:
4.1 Firebase Authentication & Firestore
We use Google's Firebase platform for user authentication and data storage. Your account information, profile data, and reading history are stored in Firebase Firestore. Data is processed on servers located in the United States. For more information, see the Firebase Privacy Policy.
4.2 Google Analytics (Firebase Analytics)
We use Google Analytics (integrated through Firebase Analytics) to collect anonymous usage statistics. This service uses cookies, including _ga and _ga_*, to identify unique users and track sessions. Data is processed on servers located in the United States. For more information, see the Google Privacy Policy.
4.3 Google AdSense
We use Google AdSense to display advertisements on the Site. AdSense may use cookies to serve personalized ads based on your browsing behavior. Advertising cookies are only active in the production environment and are loaded only after you provide consent. For more information, see Google's Advertising Policies and How Google Uses Data from Partner Sites.
4.4 Google reCAPTCHA Enterprise v3
We use Google reCAPTCHA Enterprise v3 to protect the contact form against spam and automated abuse. This service collects behavioral data (such as mouse movements and interaction patterns) to determine whether a visitor is human. Use of reCAPTCHA is subject to the Google Privacy Policy and Google Terms of Service.
4.5 TradingView
The Site embeds TradingView widgets to display real-time market data. These widgets may set their own cookies. For more information, see the TradingView Privacy Policy.
4.6 Resend
We use Resend as our email delivery service for sending newsletter and confirmation emails. Email addresses of subscribers are processed on Resend's servers located in the United States. For more information, see the Resend Privacy Policy.
4.7 rss2json
We use rss2json as a proxy service to fetch RSS feeds for the financial news section. No personal data is transmitted through this service.
4.8 Sentry (Error Monitoring)
We use Sentry for application error monitoring and diagnostics. Sentry may capture error details (stack traces), URLs, browser type, and event timing. We do not send personally identifiable information to Sentry (sendDefaultPii: false), and any Session Replay recordings automatically mask all text and form inputs (maskAllText, maskAllInputs). Session Replay is only enabled after you have consented to analytics cookies and runs at a limited sample rate. Sentry processes data on servers located in the United States. For more information, see the Sentry Privacy Policy.
4.9 Fonts (IBM Plex Sans Hebrew)
The Site uses the IBM Plex Sans Hebrew font family, loaded through next/font. Fonts are downloaded at build time and self-hosted from the Site's own origin, so your IP address is not sent to Google or any other third party when fonts are loaded.
5. Sharing Data with Third Parties
We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:
Service providers - With the third-party services listed in Section 4, which act as data processors on our behalf
Legal requirements - When required by law, regulation, or court order
Protection of rights - When necessary to protect our rights, safety, or property, or those of our users or the public
Business transfers - In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, which will be bound by this privacy policy
6. International Data Transfers
Some of the third-party services we use (including Google Analytics, Google AdSense, Google reCAPTCHA, and Firebase) process data on servers located in the United States and other countries outside of Israel. These transfers are subject to appropriate safeguards, including Google's Standard Contractual Clauses (SCC), to ensure your data is protected in accordance with applicable privacy laws.
7. Cookie Policy
The Site uses cookies and similar technologies (such as localStorage) to provide core functionality, analyze usage, and deliver advertisements. The following table describes the cookies and storage mechanisms used:
| Category | Name | Purpose | Expiry |
|---|---|---|---|
| Essential | meidahon.cookie-consent | Stores your cookie consent preference | No expiry (localStorage) |
| Essential | meidahon-theme-mode | Stores your dark/light mode preference | No expiry (localStorage) |
| Analytics | _ga | Google Analytics unique user identifier | 2 years |
| Analytics | _ga_* | Google Analytics session state | 2 years |
| Advertising | AdSense cookies | Interest-based advertising (active in production only) | Variable (set by Google) |
| Third-party | TradingView cookies | Market data widget operation | Variable (set by TradingView) |
Analytics and advertising cookies are loaded only after you provide explicit consent. Essential cookies are required for the basic operation of the Site and cannot be disabled.
You can manage cookies through your browser settings. Please note that blocking essential cookies may impair the functionality of the Site.
8. Data Retention
We retain your data for as long as necessary to fulfill the purposes described in this policy:
User account data- Retained while your account is active. You can delete your account and all associated data immediately from the Profile page using the "Delete Account" button, which removes your data from Firebase Authentication, Firestore, Storage, and Resend in real time. Manual deletion requests sent to privacy@meidahon.co.il are fulfilled within 30 days under Amendment 13.
Reading history & rank data - Deleted when your account is deleted.
Newsletter data - Retained until you unsubscribe. Upon unsubscribing, your email is removed from Resend and marked as inactive in Firestore within 30 days.
Analytics data- Retained for 14 months (Google's default retention period).
Contact form inquiries - Retained for up to 1 year.
Preference cookies - Retained until you delete them from your browser or device.
Advertising data- Retained in accordance with Google's data retention policies.
9. Data Security
We take reasonable measures to protect your personal data, including:
HTTPS/TLS encryption for all data transmitted between your browser and our servers
Firebase Hosting on Google Cloud infrastructure with enterprise-grade security
reCAPTCHA protection on forms to prevent spam and automated attacks
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
In the event of a security incident, we will act in accordance with the Israeli Privacy Protection (Information Security) Regulations, 2017, including notifying affected users and the relevant authorities as required.
10. Your Rights Under Israeli Privacy Law
Under the Israeli Privacy Protection Law, 5741-1981, as amended by Amendment No. 13 (effective August 14, 2025), you have the following rights regarding personal data we hold about you:
10.1 Right of Access & Data Portability
You have the right to access your personal data and receive details about its processing. Registered users can download a full copy of their data in structured JSON format directly from the Profile page using the "Download My Data" button. The export includes all data stored in Firebase (profile, reading history, bookmarks, learning progress, notifications, badges, and achievements).
10.2 Right to Correction
You have the right to request correction of inaccurate, incomplete, or outdated personal data. You can update profile details (display name, photo, preferences) directly from the Profile page. For other correction requests, email privacy@meidahon.co.il.
10.3 Right to Erasure (Right to be Forgotten)
You have the right to request complete deletion of your user account and all personal data we hold. Deletion is available immediately from the Profile page using the "Delete Account" button and email confirmation. The action immediately removes all data from Firebase Authentication, Firestore (including all account subcollections), Firebase Storage, and the Resend newsletter audience. To protect against misuse, account deletion requires fresh authentication if your last login was more than five minutes ago.
10.4 Right to Withdraw Consent
You may withdraw consent for analytics and advertising cookies at any time through the "Cookie Settings" link in the footer. You may also unsubscribe from the newsletter at any time using the link in every email or through the newsletter preferences page.
10.5 Right to Object
You have the right to object to the processing of your data for direct marketing or profiling activities. To exercise this right, email privacy@meidahon.co.il.
10.6 Exercising Your Rights
For requests not available directly through the Site, email privacy@meidahon.co.il. We commit to responding within 30 days of receipt, in accordance with Israel Privacy Protection Authority guidance.
You also have the right to file a complaint with the Israel Privacy Protection Authority.
11. Additional Rights for EU Residents (GDPR)
If you are located in the European Union or European Economic Area, you are entitled to the following additional rights under the General Data Protection Regulation (GDPR):
Data portability - You may request a portable copy of your data in a structured, commonly used, machine-readable format.
Restriction of processing - You may request that we restrict the processing of your personal data under certain circumstances.
Complaint to a supervisory authority - You have the right to file a complaint with the data protection supervisory authority in your country of residence.
Legal Bases for Processing
We process your personal data on the following legal bases:
Consent - For analytics cookies and advertising cookies (you may withdraw consent at any time)
Legitimate interest - For anonymous usage analysis to improve the Site
Contractual necessity - For responding to inquiries submitted through the contact form
12. Children's Privacy
The Site is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. At account registration, users are required to affirm that they are 16 or older. If we learn that we have collected personal data from a child under 16 without parental or guardian consent, we will delete the information promptly. If you believe that a child under 16 has provided us with personal data, please contact us at privacy@meidahon.co.il.
12a. Automated Decision-Making & Profiling
The Site includes two tools that apply automated logic to data you voluntarily provide:
Mad Hon: a financial health assessment tool that computes an overall score and seven pillar scores (income, expenses, savings, debt, pension, insurance, investments) based on your answers. The score is used for illustration and content recommendations only and does not constitute a financial diagnosis, credit rating, or substitute for professional advice.
Archetype System (Score):a classification system that assigns users to a financial archetype (e.g., "Cautious Saver", "Young Investor") based on Mad Hon answers, used to personalize the homepage and content recommendations.
Both tools operate based on explicit consent obtained before you start using Mad Hon. The logic relies on fixed, documented formulas (not machine learning or neural networks), so results are fully explainable. Users who want an explanation of their score or who wish to object to automated processing may email privacy@meidahon.co.il and request a human review of their results.
12b. Security Incident Notification
In accordance with Amendment 13 to the Privacy Protection Law and the 2017 Information Security Regulations, in the event of a material security incident affecting user privacy, we will follow an internal playbook that includes:
Prompt notification (generally within 72 hours of discovery) to the Israel Privacy Protection Authority.
Direct notification to affected users where required by law, with information about the nature of the incident, the types of data involved, and the mitigation steps taken.
Full internal documentation of the incident, discovery timeline, response actions, and lessons learned.
13. Changes to This Policy
We reserve the right to update this privacy policy at any time. If we make material changes, we will notify you through a prominent notice on the Site and/or by updating the cookie consent banner (which may require you to provide consent again).
We encourage you to review this page periodically. The effective date at the top of this page indicates when the policy was last updated.
14. Contact Us
If you have any questions about this privacy policy, wish to exercise your rights, or have concerns about how your data is handled, please contact us:
Privacy email: privacy@meidahon.co.il
General email: info@meidahon.co.il
You may also contact the Israel Privacy Protection Authority for guidance or to file a complaint.